Check Point® Software Technologies Ltd. (NASDAQ: CHKP), today announced its financial results for the fourth quarter and full year ended December 31, 2020.
Fourth Quarter 2020
- Total Revenues: $564 million, a 4 percent increase year over year
- Deferred Revenues: $1,482 million, a 7 percent increase year over year
- GAAP Operating Income: $251 million, representing 45 percent of revenues
- Non-GAAP Operating Income: $285 million, representing 51 percent of revenues
- GAAP EPS: $1.95, a 6 percent increase year over year
- Non-GAAP EPS: $2.17, a 7 percent increase year over year
Full Year 2020
- Total Revenues: $2,065 million, a 4 percent increase year over year
- GAAP EPS: $5.96, a 10 percent increase year over year
- Non-GAAP EPS: $6.78, an 11 percent increase year over year
“We are pleased with our fourth quarter and full year 2020 financial results. Business in our fourth quarter grew across all focus areas including cloud, network and remote access security with subscriptions revenue growth of 10 percent and non-GAAP EPS growth of 11 percent year over year. This reflects the continued execution of our strategy and the importance of cyber security during these unprecedented times,” said Gil Shwed, Founder and CEO of Check Point Software Technologies. “The global pandemic drove the new normal, a hybrid work environment and accelerated digital transformation that created security challenges across all types of organizations. The Infinity security platform enables the prevention of Gen V cyber-attacks across all major attack vectors. Delivering cyber security is now more critical than ever and I would like to thank our customers, partners and employees for making that happen.”
Financial Highlights for the Fourth Quarter of 2020
- Total Revenues: $564 million compared to $544 million in the fourth quarter of 2019, a 4 percent increase year over year.
- GAAP Operating Income: $251 million compared to $249 million in the fourth quarter of 2019, representing 45 percent and 46 percent of revenues in the fourth quarter of 2020 and 2019, respectively.
- Non-GAAP Operating Income: $285 million compared to $280 million in the fourth quarter of 2019, representing 51 percent of revenues in the fourth quarter of 2020 and 2019.
- GAAP Taxes on Income (tax benefit): $2 million compared to $3.1 million in the fourth quarter of 2019.
- GAAP Net Income & Earnings per Diluted share: GAAP net income was $271 million compared to $272 million in the fourth quarter of 2019. GAAP earnings per diluted share were $1.95 compared to $1.84 in the fourth quarter of 2019, a 6 percent increase year over year.
- Non-GAAP Net Income & Earnings per Diluted share: Non-GAAP net income was $301 million compared to $299 million in the fourth quarter of 2019. Non-GAAP earnings per diluted share were $2.17 compared to $2.02 in the fourth quarter of 2019, a 7 percent increase year over year.
- Deferred Revenues: As of December 31, 2020, deferred revenues were $1,482 million compared to $1,387 million as of December 31, 2019, a 7 percent increase year over year.
- Cash Balances, Marketable Securities & Short Term Deposits: $4,000 million as of December 31, 2020, compared to $3,949 million as of December 31, 2019.
- Cash Flow: Cash flow from operations of $293 million compared to $246 million in the fourth quarter of 2019. The fourth quarter of 2020 includes $26 million of income related to our currency hedging transactions compared to $2 million in the fourth quarter of 2019. In addition, in the fourth quarter of 2019 our cash flow from operations included $12 million of acquisition-related costs.
- Share Repurchase Program: During the fourth quarter of 2020, the company repurchased approximately 2.7 million shares at a total cost of approximately $323 million.
Financial Highlights for the Year Ended December 31, 2020
- Total Revenues: $2,065 million compared to $1,995 million in 2019, a 4 percent increase year over year.
- GAAP Operating Income: $904 million compared to $882 million in 2019, representing 44 percent of revenues in 2020 and 2019.
- Non-GAAP Operating Income: $1,035 million compared to $1,003 million in 2019, representing 50 percent of revenues in 2020 and 2019.
- GAAP Taxes on Income: $124 million compared to $137 million in 2019.
- GAAP Net Income & Earnings per Diluted Share: GAAP net income was $847 million compared to $826 million in 2019. GAAP earnings per diluted share were $5.96 compared to $5.43 in 2019, a 10 percent increase year over year.
- Non-GAAP Net Income & Earnings per Diluted Share: Non-GAAP net income was $963 million compared to $933 million in 2019. Non-GAAP earnings per diluted share were $6.78 compared to $6.13 in 2019, an 11 percent increase year over year.
- Cash Flow: Cash flow from operations of $1,152 million compared to $1,102 million in 2019.
- Share Repurchase Program: During 2020, the company repurchased approximately 11.4 million shares at a total cost of approximately $1,298 million.
For information regarding the non-GAAP financial measures discussed in this release, as well as a reconciliation of such non-GAAP financial measures to the most directly comparable GAAP financial measures, please see “Use of Non-GAAP Financial Information” and “Reconciliation of GAAP to Non-GAAP Financial Information.”
In April, we announced the transformation of our appliance security gateways into the new Quantum Security GatewaysTM delivering premier security. The new line of 15 security gateway models extends the Infinity architecture from the branch office to the data center. All Quantum models out-of-the box deliver our highest level of threat prevention using the Sandblast Zero-day Protection, providing more than 60 security and threat prevention services. Since its launch and through 2020, we witnessed a high transition rate of over 90% to the new Quantum model.
The outbreak of COVID-19 required organizations to accelerate their transition to the cloud which left them vulnerable to cloud-targeted attacks. Check Point expanded its CloudGuard security platform to deliver unified cloud native security for cloud assets and workloads, with the ability to automate security, prevent threats, and manage posture across multi-cloud environment.
Another immediate impact of the pandemic was a surge in cyber-attacks targeting IOT networks at manufacturing plants, utilities and other mission critical environments. We announced the new IoT Protect solution designed to secure IoT devices and networks against the most advanced cyber-attacks. The solution delivers threat prevention and security management capabilities to block cyber-attacks at both IoT network and IoT device level, using threat intelligence and innovative IoT-specific security services.
With the increase in cyber-attacks volume and sophistication, Security Operations Centre (SOC) teams struggle to identify and mitigate malicious activity on their complex network estates. We launched Infinity SOC to help security teams cut through the daily overload of alerts, and reduce network blind spots to expose, and shut down cyber-attacks with best-in-class speed and precision. Infinity SOC is used daily by the Check Point research cyber analysts, to expose and investigate the world’s most dangerous and sophisticated cyber-attacks.
We continuously strive to allow security professionals to manage Cyber Security in the most secure, simple and efficient way. Earlier in 2020 we launched Unified Security Management as a Cloud Service to cut security operations time significantly. This provided Check Point customers with the quickest route to deploying Check Point’s unified security management across their entire network fabric from their web browser, with no need for ongoing maintenance or manual updates.
In October we launched the latest version of our cyber security platform R81 – The industry’s first to deliver autonomous threat prevention designed for the entire distributed enterprise, enabling IT staff to manage the most complex and dynamic network environments easily and efficiently. Based on the new R81 Cyber Security Platform and SandBlast Network, Check Point introduced Infinity Threat Prevention. This new capability was designed to significantly reduce admin overhead and strengthen and organizations security posture by automatically maintaining network protection with zero maintenance. With R81 security professionals can rapidly respond to changing security needs with fastest policy installation: Reducing policy installation time by up to 90%. The platform also introduces significant improvements in performance and hardware utilization as well as optimal security for encrypted network traffic (SSL).
Partnerships & Customers
Check Point named NTT Ltd. as the first global Infinity partner. NTT was the first managed security services provider to obtain a five star status in all countries where NTT and Check Point operate. The companies’ combined capabilities enable clients to protect their infrastructure, applications, and intellectual property on a ‘Secure by Design’ basis.
The Covid-19 pandemic highlighted the need for security that seamlessly expands on demand to hyperscale capacity. In December, Check Point announced that it had been chosen by NHS National Services Scotland, the publicly funded healthcare service in Scotland, to secure and streamline the management of its public cloud data, and provide complete threat prevention for vital public services such as Scotland’s ‘Test & Protect’ and vaccine management services.
Research & Cyber Security
The impact of COVID-19 on cyber security continued in the fourth quarter of 2020 and was evident in new and sophisticated cyber threats, taking advantage of organizations’ and employees’ shift to a “new normal”.
In December, Check Point conducted a global survey of over 600 IT security professionals, where 58% of respondents said their organization has experienced an increase in cyber-attacks since the start of the Covid-19 outbreak. The survey found that securing remote workers will be a leading priority and challenge for the next 2 years, as roughly half of organizations believe the workplace will not return to pre-pandemic norms.
As hackers continue to find new ways to exploit the pandemic’s disruption, the effects of the Covid-19 pandemic will continue to be a key focus for organizations’ IT and security teams. Check Point’s 2021 Cyber-security Predictions outlined that more COVID-19 related attacks, developments in malware and cyber-conflicts, and new threats to 5G and the Internet of Things will top organizations’ security agendas during the next 12 months.
Earlier in the quarter, our researchers warned that organizations worldwide were in the midst of a massive wave of ransomware attacks. In Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year.
They also examined attacks targeting healthcare organizations. Following the CISA, FBI, and HHS warning about ransomware attacks on U.S. hospitals, Check Point found that healthcare was the most targeted industry by ransomware, in the US during October. Check Point documented a 45% increase in cyber-attacks targeting healthcare organizations worldwide, placing the healthcare sector at the top of the hit list for cyber criminals.
In December, news of Covid-19 vaccine availability drove global interest and expectation. Check Point Research found a stream of posts on the Darknet from sources claiming to have a range of “Coronavirus vaccines” or “Coronavirus remedies” for sale, amid the warnings of vaccine scams from the FBI and Europol.
Vulnerabilities in Applications & Infrastructure
TikTok fixes privacy issue: Check Point Research discovered a vulnerability in TikTok’s “Find Friends” feature that bypassed its privacy protections. If left unpatched, the vulnerability would have enabled an attacker to access a user’s profile details and phone number associated with their account, making it possible to build a database of information for use in malicious activity.
Game On: Finding vulnerabilities in Valve’s “Steam Sockets”: Check Point Research identified four vulnerabilities in the network library of Steam, a popular online platform from game developer Valve and used by over 25 million users concurrently at peak time. If left unpatched, an attacker could have used the security flaws to remotely crash an opponent’s game client, take over a gamer’s computer, as well as hijack all computers connected to a third party game server.
Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications: Check Point Research confirmed that popular applications on Google’s Play Store continued to be vulnerable to the known vulnerability CVE-2020-8913, concluding that hundreds of millions of Android users still faced significant security risk. Threat actors could have potentially used the vulnerable apps to siphon off sensitive data from other apps on the same device and steal users’ private information, such as login details, passwords, financial details, and mail.
Pay2Key – Following the money to track down the threat actors behind a new ransomware campaign: Check Point Research identified a never-before-seen ransomware strain, dubbed Pay2Key, actively targeting Israeli and European organizations. Researchers traced Bitcoin wallets found in ransomware notes to an Iranian cryptocurrency exchange requiring valid Iranian phone number and government ID for user eligibility.
Measuring the Global Impact of the NSA’s Top 25 Vulnerabilities Being Exploited in the Wild: Check Point conducted an analysis to underscore the severity of the 25 vulnerabilities outlined in NSA’s report. Their findings revealed that hackers exploited many the vulnerabilities listed in NSA’s report and that on average, those vulnerabilities were exploited 7 times more compared to other vulnerabilities in 2020.
Malware and Campaigns Research
In Q4, we’ve seen a continuous wave of Phishing attacks, one of the most popular attack vectors targeting the lifecycle of online shopping, specifically during the “Shopping season.”
Brand Phishing Report for Q4 2020: The latest brand phishing report revealed which brands were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials. In Q4, Microsoft was again the brand most frequently targeted by cybercriminals, as it was in Q3 2020.
Amazon Prime Day Research: Check Point conducted an analysis of cyber threats related to Amazon’s Prime Day, the annual online shopping event available to over 150 million Amazon Prime members. Leading up to Amazon Prime day there was a sharp increase in the number of malicious domains registered containing the words “Amazon”, as well “Prime”.
Phishing emails doubled in November in run-up to Black Friday and Cyber Monday: Prior to the Black Friday shopping weekend, there was an 80% increase in malicious phishing campaigns targeting online shoppers in the form of “special offers”, and urge shoppers to be wary of “too good to be true” online bargains.
Shipping and delivery-related phishing emails: In the month of November, there was a 440% global increase in shipping related phishing emails, compared to October. Hackers impersonated Amazon, DHL and FedEx, by sending “Track your Shipment” or “Delivery Issue” emails to trick holiday shoppers into giving up their personal details for financial fraud.
And hackers are continuously expanding Phishing attempts also with Vishing.
How to Avoid Being Hooked by Vishing – the New Old-School Phone Scam: Vishing is the fraudulent attempt to gain access to private or corporate information or systems through voice calls. Check Point Research shared how attackers used vishing calls to gain access to corporate systems, for WhatsApp accounts takeover, and to enhance the overall phishing attack process
Malware is becoming a monetization channel for hackers Going Rogue – Mastermind behind Android malware returns with a New RAT: Check Point Researcher exposed an Android malware vendor using a marketer on the dark net to rebrand its products. The vendor, named “Triangulum”, teamed up with “HeXaGoN Dev” to introduce a new brand of malware called Rogue, capable of device takeover and exfiltration of data, such as photos, location, contacts, and messages.
Graphology of an Exploit – Fingerprinting exploit authors to help with hunting zero-day exploits in the wild: Check Point Researcher developed a technique to recognize the “hand-writing” of exploit developers. By recognizing the unique “hand-writing”, security researchers can detect the presence of exploits written by these exploit developers in specific malware families, detect additional exploits written by the same developer, and block malware families that bought a given exploit from a developer that is studied and fingerprinted. To demonstrate, Check Point Researchers tracked 16 Windows LPE exploits to two different authors that sold to Russian APT groups and others.
Malicious US Election-related Domains: Prior to the US election, election-related domains were 56% more likely to be malicious. Check Point Research mapped 6 attack scenarios to watch for during the 2020 US elections.
Analysts & Recognitions
We continued our focus on security through innovation, industry research and recognition including:
Check Point Software was named a Leader in the Gartner Magic Quadrant for Network Firewalls for the 21st year. We believe this recognition highlights Check Point’s comprehensive security vision across cloud and on premise security, advanced threat prevention, and centralized security management.
Throughout the quarter Check Point demonstrated its ongoing commitment to provide cyber-security education and training at all levels. In November, Check Point became an official training partner for (ISC)², the world’s leading and largest non-profit association of certified cyber-security professionals. This partnership opened the door for cyber-security practitioners globally, with a focus on CISOs, to access (ISC)² professional certification training and exam preparation courses.
Check Point continued to develop its CISO academy by becoming an accredited trainer with ISACA, a global learning organization and technology association. The partnership will see Check Point and ISACA provide CISOs with new ways to prepare for and attain certified cyber skills.
In November, Check Point joined Microsoft’s OCP FY21 Q1 Winners Circle Program. Microsoft awarded Check Point ‘Top Azure P2P IP Co-Sell by an ISV partner’ for the Microsoft OCP FY21 Q1 Winners Circle program.
Conference Call and Webcast Information
Check Point will host a conference call with the investment community on February 3, 2021, at 8:30 AM ET/5:30 AM PT. To listen to the live webcast or replay, please visit the website www.checkpoint.com/ir.
First Quarter 2021 Investor Conference Participation Schedule
- Goldman Sachs Technology & Internet Conference 2021
February 11, 2021 – Virtual
- Raymond James 2021 Institutional Investor Conference
March 1, 2021 – Virtual
- Morgan Stanley 2021 Media, Telecommunications & Technology Conference
March 4, 2021 – Virtual 1×1 Meetings Only
- Credit Suisse 2021 Investor Relations 1×1 Conference
March 8, 2021 – Virtual 1×1 Meetings Only
- SunTrust Robinson Humphrey 2021 Technology, Internet & Services Conference
March 10, 2021 – Virtual
Members of Check Point’s management team are expected to present at these conferences and discuss the latest company strategies and initiatives. Check Point’s conference presentations are expected to be available via webcast on the company’s web site. To hear these presentations and access the most updated information please visit the company’s web site at www.checkpoint.com/ir. The schedule is subject to change.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention, which defends enterprises’ cloud, network and mobile device held information. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
©2021 Check Point Software Technologies Ltd. All rights reserved
Legal Notice Regarding Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding our products and solutions, expectations related to cybersecurity and other threats, expectations related to the Covid-19 pandemic, and our participation in investor conferences during the first quarter of 2021. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. These risks include our ability to continue to develop platform capabilities and solutions; customer acceptance and purchase of our existing solutions and new solutions; the market for IT security continuing to develop; competition from other products and services; and general market, political, economic and business conditions, including as a result of the impact of the Covid-19 pandemic. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2020. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.
Use of Non-GAAP Financial Information
In addition to reporting financial results in accordance with generally accepted accounting principles, or GAAP, Check Point uses non-GAAP measures of operating income, net income and earnings per diluted share, which are adjustments from results based on GAAP to exclude, as applicable, stock-based compensation expenses, amortization of intangible assets and acquisition related expenses and the related tax affects. Check Point’s management believes the non-GAAP financial information provided in this release is useful to investors’ understanding and assessment of Check Point’s ongoing core operations and prospects for the future. Historically, Check Point has also publicly presented these supplemental non-GAAP financial measures in order to assist the investment community to see the Company “through the eyes of management,” and thereby enhance understanding of its operating performance. The presentation of this non-GAAP financial information is not intended to be considered in isolation or as a substitute for results prepared in accordance with GAAP. A reconciliation of the non-GAAP financial measures discussed in this press release to the most directly comparable GAAP financial measures is included with the financial statements contained in this press release. Management uses both GAAP and non-GAAP information in evaluating and operating business internally and as such has determined that it is important to provide this information to investors.